package com.sq.universe.magic.conf;

import com.sq.universe.base.constants.BaseConstants;
import com.sq.universe.base.dao.AuthorityDao;
import com.sq.universe.base.utils.AuthUtils;
import com.sq.universe.system.entity.UserEntity;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.ssssssss.magicapi.exception.MagicLoginException;
import org.ssssssss.magicapi.interceptor.Authorization;
import org.ssssssss.magicapi.interceptor.AuthorizationInterceptor;
import org.ssssssss.magicapi.interceptor.MagicUser;

import javax.servlet.http.HttpServletRequest;

@Component
public class CustomAuthorizationInterceptor implements AuthorizationInterceptor {

    @Autowired
    private AuthorityDao authorityDao;

    /**
     * 配置是否需要登录
     */
    @Override
    public boolean requireLogin() {
        return true;
    }

    /**
     * 根据Token获取User
     */
    @Override
    public MagicUser getUserByToken(String token) throws MagicLoginException {
        try {
            HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
            UserEntity userEntity = (UserEntity)SecurityUtils.getSubject().getSession().getAttribute(BaseConstants.CURRENT_USER);
            if(userEntity == null){
                userEntity = AuthUtils.getCurrentUser();
            }
            return new MagicUser(userEntity.getUserLoginName(),userEntity.getUserLoginName(),SecurityUtils.getSubject().getSession().getId().toString());
        }catch (Exception e){
            throw new MagicLoginException("token无效");
        }
    }

    @Override
    public MagicUser login(String username, String password) throws MagicLoginException {
        Subject currentUser = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username,password);
        currentUser.login(token);
        return new MagicUser(username,username,SecurityUtils.getSubject().getSession().getId().toString());
//        throw new MagicLoginException("用户名或密码不正确");
    }

    /**
     * 验证是否有权限访问功能
     */
    @Override
    public boolean allowVisit(MagicUser magicUser, HttpServletRequest request, Authorization authorization) {
        // Authorization.SAVE   执行保存接口、函数
        // Authorization.VIEW   查看接口、函数
        // Authorization.DELETE 删除接口、函数
        // Authorization.DOWNLOAD   导出接口、函数
        // Authorization.UPLOAD 上传接口、函数
        // Authorization.DATASOURCE_SAVE    保存数据源
        // Authorization.DATASOURCE_VIEW    查看数据源详情
        // Authorization.DATASOURCE_DELETE  删除数据源

        // 不允许删除
        return authorization != Authorization.DELETE ;
    }

}